SUSE Linux 9 Guide

The standard Linux logging facility is syslog. The syslog daemon (syslogd) receives the messages that processes send to the system logging facility through the syslog(3) call (the /dev/log socket) and then processes those messages based on the configuration specified in /etc/syslog.conf. The other side of syslog is the klogd process, the kernel logging daemon, which reads kernel messages such as kernel crashes or a failure in a component of the kernel (for example, a kernel module) and hands them on to syslogd. Note: Not all processes use the syslog method of logging. You will see in...

In reality, the TCP/IP standard does not adhere 100 percent to the OSI model. As we said, the model is only a reference guide, and protocols do not have to follow it exactly. The TCP/IP model fits more closely to the DoD (Department of Defense) model of a network protocol shown in Figure 6-2. TCP/IP is not as abstracted as the OSI model, and many of the components fit into the DoD model. For example, the TCP/IP application usually takes care of the format of the data that is sent and also the...

When you have read the release notes, click Next and you will be asked to configure your hardware (see Figure 1-30). The YaST installer and the YaST system configuration manager run the same modules to configure hardware. For now you will configure the video card so that you can use X (KDE or GNOME). Select Change > Graphics Cards, and the Sax2 tool will be loaded to configure all aspects of X Windows, including monitor, graphics card, mouse, and keyboard. The Sax2 tool is a utility written by...

When your firewall has been configured to your liking, you will want to log any traffic that has not been explicitly sanctioned by you. To do this, you need a final rule, placed before the packet hits the default policy for the chain, that uses a target of LOG. The LOG target decodes the TCP/IP packet headers and writes them to the kernel log, from where klogd hands them to syslog for you to monitor unauthorized traffic. LOG is a non-terminating target: the packet carries on down the chain after it has been logged, which is why the rule belongs immediately before the default policy. Just logging raw, unauthorized traffic is quite difficult to manage, and thankfully the LOG target allows you to specify a...

The EAL certifications are issued under the Common Criteria by national evaluation schemes (in the United States, the Common Criteria Evaluation and Validation Scheme) that were set up under an international mutual-recognition agreement. SLES 8 was certified EAL3+ at the beginning of 2004, and in cooperation with IBM, it is Novell's intention to move toward higher levels of EAL certification, which allow products to be used in government and defense applications that require security certification. SLES 9 is now under consideration for the EAL4+ certification. The acquisition of...

The SLOX system's base operating system is the now-deprecated UnitedLinux. SUSE, Caldera, and TurboLinux, along with the major vendors, decided that a base, certified Linux distribution was needed so that vendors could certify against it. Since the SCO lawsuit, UnitedLinux has been disbanded, but SUSE has still used the UnitedLinux base as the certified platform for SUSE Linux Enterprise Server (SLES) 8 and SLOX. As SUSE was the distributor that built UnitedLinux, this has not impacted...

To set up your environment for compiling the RPM, the source file has to be located in /usr/src/packages/SOURCES. You then use the rpmbuild program to take the spec file and compile the source based on the configuration you have specified. The -bb argument specifies that you wish to build (b) a binary (b) package. You can see in Listing 12-10 how the build process follows the spec file you have created, going through prep, setup, and files to compile a binary RPM. Listing 12-10...
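The spec file that rpmbuild -bb walks through, as an added example that is not the book's Listing 12-10: the package name hello, its version, the tarball name and the installed path /usr/bin/hello are all made up for illustration. The point to notice is that %install writes into $RPM_BUILD_ROOT, never into the live filesystem, and that %defattr fixes ownership so the package does not inherit whatever account ran the build.

```spec
# hello.spec (added example; name, version and paths are assumptions)
# Build with:  rpmbuild -bb hello.spec
# after copying hello-1.0.tar.gz into /usr/src/packages/SOURCES
Summary:    Example package built from a spec file
Name:       hello
Version:    1.0
Release:    1
License:    GPL
Group:      Applications/System
Source0:    %{name}-%{version}.tar.gz
# Everything is installed under this throw-away root, not under /
BuildRoot:  %{_tmppath}/%{name}-%{version}-build

%description
Demonstrates the prep, build, install and files stages that rpmbuild
follows when it reads a spec file.

%prep
# %setup unpacks Source0 into the build directory (-q keeps it quiet)
%setup -q

%build
make

%install
# Start from an empty BuildRoot so stale files from an earlier build
# cannot sneak into the package, then install relative to it. A broken
# Makefile therefore cannot overwrite files on the build machine.
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install

%clean
rm -rf $RPM_BUILD_ROOT

%files
# Files are packaged as root:root regardless of who ran rpmbuild;
# only the paths listed here end up in the binary RPM
%defattr(-,root,root)
/usr/bin/hello
```

Build as an unprivileged user (rpmbuild only needs write access to /usr/src/packages) and inspect the result with rpm -qlp and rpm -qp --scripts before installing it; a %post script in a third-party spec runs as root at install time.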

Modems are notorious for being something of a problem area for Linux because many of the internal PCI modems on sale are not true modems but are what is known as winmodems or soft modems. The idea behind winmodems is that some of the functionality of the modem can be offloaded from hardware into software, the software in question being the Windows operating system. As these devices are designed to work only with Windows and in theory require a Microsoft operating system to work, it is...

FTP is the File Transfer Protocol, which is best known as a way of allowing anonymous downloads from public Internet servers. Traditionally, Unix systems ran an FTP daemon by default, and users expected to be able to move files to and from their home directories using an FTP client from elsewhere. This was a convenient way of accessing the system without logging on, and was available from any kind of client. This type of use of FTP has come to be seen as both insecure (usernames, passwords, and file contents all cross the network in clear text) and unnecessary. It is...

All mail-based services are provided by Postfix and Cyrus, both very scalable and reliable mail services. Cyrus and Postfix both rely on the user data stored in LDAP to function correctly. Any user that wishes to make an Internet Message Access Protocol (IMAP) connection must exist in the LDAP server to be allowed access to any other SLOX service. Any configuration changes you wish to make to Postfix can be done either through the web interface or via the Postfix configuration files directly....

When UnitedLinux has been configured, you move on to the SLOX-specific configuration. We will be configuring SLOX as an Internet-facing mail server, talking to an external Domain Name System (DNS) server (Internet lookup capable). With this in mind, we will not configure an internal DNS or Samba server because neither is needed for the operation of the mail server and both are very rarely used in an existing network. Note: If you want to configure a DNS and Samba server, you need to set the...

The term booting comes from the saying Pull yourself up by your bootstraps, which is fundamentally what a machine must do. When power is applied to the processor, it carries out a self-check to make sure it is healthy and jumps to a predefined address in memory called the BIOS (basic input-output system) to load and initialize the system hardware. The BIOS is the piece of code that checks your system memory, initializes hardware, and checks to see if you have a bootable operating system. This...

Samba is configured through settings that are stored in a text-format configuration file, which is located in the file /etc/samba/smb.conf on your SUSE system. The huge number of settings available in this file provides an interesting demonstration of the flexibility and power of the Samba software suite. The Samba software suite provides excellent documentation about configuring and using every aspect of Samba. In addition, a number of excellent books are available on Samba and Samba 3 at your...

The Winbind daemon, winbindd, enables the Linux name service switch (NSS) to retrieve user and group information from a Windows primary domain controller (PDC). This provides a networked authentication mechanism similar to the Network Information Service (NIS and NIS+) often used in computing environments that make heavy use of Sun's Network File System (NFS). The Winbind daemon enables Windows users to log in on a Linux machine using the Windows credentials provided by the PDC without requiring...
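The two files that make winbindd do what the paragraph describes, as an added example that is not taken from the book: the domain name EXAMPLE, the PDC name pdc.example.com and the uid/gid ranges are assumptions chosen for illustration. The smb.conf fragment makes the Samba host a domain member and tells winbindd how to map Windows SIDs to Unix ids; the nsswitch.conf lines let getent, ls and login resolve those ids.

```conf
# /etc/samba/smb.conf, [global] section of a Samba 3 domain member
# (added example; EXAMPLE, pdc.example.com and the id ranges are assumptions)
[global]
    workgroup = EXAMPLE
    security = domain              # authenticate against the PDC, not a local smbpasswd
    password server = pdc.example.com
    encrypt passwords = yes
    # Unix uids/gids that winbindd allocates for domain users and groups.
    # Keep the range well clear of local accounts so a domain SID can
    # never be mapped onto an existing local uid (root included).
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind separator = +          # users appear as EXAMPLE+jsmith
    winbind enum users = yes
    winbind enum groups = yes
    template shell = /bin/bash
    template homedir = /home/%D/%U

# /etc/nsswitch.conf: consult winbind only after the local files, so
# local root and system accounts are always resolved locally first
#   passwd: files winbind
#   group:  files winbind
```

Join the domain once as root with net rpc join -U Administrator, start the daemon with rcwinbind start, and verify the mapping with wbinfo -u and getent passwd EXAMPLE+jsmith before touching PAM; console logins additionally need pam_winbind.so in the relevant /etc/pam.d files.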

user@client:/home/user> ftp bible
Using binary mode to transfer files.
229 Entering Extended Passive Mode (|||16553|)

If you want to allow existing local users to upload files, you need to set the following in If you have done this, a new user FTP session like the one shown in Listing 22-2 will succeed in uploading to the user's home directory. If you also want to allow uploads from anonymous logins (ftp or anonymous), you need to enable the following There will have to be directories on the...

Most of the control over how NFS behaves is based on the server; however, there are some options to the mount command that make a difference. You may want to force a read-only mount (even if the server is offering the share read-write). At the command line, you type:
root@client:~# mount bible:/share /mnt -o ro
In other words, mount the directory /share from the server bible (which is being made available by NFS) on the mount point /mnt, with the option (-o) to the mount command ro, which means...

The sharing of directories by NFS is controlled by the file /etc/exports, which contains a list of directories with details of the hosts they may be exported to and other options. A simple /etc/exports might contain just the following line:
/test client(rw)
This will export the directory /test to the host client. The option rw (read-write) is set. If you restart the NFS server, you see this:
Shutting down kernel based NFS server                  done
Starting kernel based NFS server
exportfs: /etc/exports [8]: No 'sync'...
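A fuller /etc/exports, as an added example rather than the book's own listing, showing the options that decide who can reach an export and what they can do with it. The host names client and admin.example.com are assumptions. The commented-out line is the kind of entry the exportfs warning above is nudging you away from: a wildcard host, asynchronous writes, and root on the client mapped to root on the server.

```conf
# /etc/exports (added example; host names are assumptions)

# Weak, do not use: any host may mount it, the server acknowledges writes
# before they reach disk, and client root becomes server root.
#/test   *(rw,async,no_root_squash)

# Corrected: named hosts only, synchronous writes (what the warning asks
# for), and root on the client squashed to nobody (root_squash is the
# default, but stating it makes the intent reviewable).
/test    client(ro,sync,root_squash)

# Read-write only where a client really needs it, one entry per host;
# a space before the parenthesis would export read-only to the world.
/home    client(rw,sync,root_squash) admin.example.com(rw,sync,root_squash)
```

After editing, exportfs -ra reloads the file, and showmount -e from a host that is not listed should show nothing it can mount. Remember that NFS trusts the client's claimed uid, so an export to a host whose users can become root is in practice an export to every account on that host except root.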

The SUSE installation media contain the Squid installation package; first, you need to install this in the usual way using YaST. Squid is included in the YaST installation selection Network/Server. Here we assume that you are setting up Squid on a machine on your network that has adequate access to the outside world. Simply installing and starting Squid is not enough:
Starting WWW-proxy squid (/var/cache/squid)
/usr/sbin/rcsquid: line 135: 14165 Aborted    $SQUID_BIN -z -F >/dev/null 2>&1
Here...

The command showmount provides information about mounts on an NFS server.
user@client:~> showmount -e bible
This command lists the exports list for the server bible. Typically this will be the contents of /etc/exports, but if changes have been made with exportfs (as described in the previous section) without editing /etc/exports, these too will be reflected in the output.
root@bible:~# exportfs -i -o rw,sync client:/home
user@client:~> showmount -e bible
/test *
/home client
In the preceding example, you can see /home, which...

There are many different ways to mount a shared Windows drive on your SUSE system, the easiest of which is to use the standard Linux mount command. For example, to mount an SMB share named wvh that is available on an SMB server named home, mount that share on the directory /mnt/smb, and access those files as the Windows user wvh, you would execute a command such as the following as the root user:
mount -t smbfs -o username=wvh //home/wvh /mnt/smb
The above command line can be broken down as follows...
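The command above prompts for the password, which is fine interactively but not for a share that should come up at boot. Putting password=... on the command line or in /etc/fstab exposes it to every local user through ps or a world-readable fstab. An added example (not from the book) of the alternative smbmount supports, a root-only credentials file; the file name and the REPLACE-ME placeholder are assumptions:

```conf
# /etc/samba/smbcreds.wvh (added example; file name is an assumption)
# chown root:root and chmod 600 this file: the password then lives only
# here, never on a command line, in ps output, or in a readable fstab.
username = wvh
password = REPLACE-ME

# Matching /etc/fstab entry (one line) so that "mount /mnt/smb" works
# without typing the password; files appear owned by the local user wvh.
//home/wvh  /mnt/smb  smbfs  credentials=/etc/samba/smbcreds.wvh,uid=wvh,gid=users,noauto  0  0
```

Check the permissions with ls -l /etc/samba/smbcreds.wvh before relying on it; a credentials file that is readable by others is no better than the password on the command line.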

If any network interface cards have been detected in the system, you will be asked to configure them for network access (see Figure 1-21). By default, YaST sets the first Ethernet card it finds as your system's primary Ethernet interface and assigns it an address that is configured via the Dynamic Host Configuration Protocol (DHCP). You can find discussions about DHCP servers in Chapter 19. For most people using SUSE in a business environment, a DHCP server may already be running, and an...

NFS is the Network File System, which was pioneered by Sun and has become a standard in the world of Unix. With NFS, clients can mount filesystems across the network that are being offered by NFS servers and can work with them as if they were filesystems mounted from local disks. NFS is a simple and widely used method of sharing files across the network. In this chapter we look at how to mount NFS filesystems and how to set up an NFS server.

Selecting the Network Services icon brings up the Manage Network Services area. This section includes tabs to manage DNS, dynamic DNS, the Squid proxy, and printers. If you choose to use the Standard Server as your network DHCP server, you will also find a DHCP tab on this page. DNS configuration is where the interface certainly adds some real value: getting the syntax of the BIND configuration files right if you create them from scratch is often an irritation (see Figure 28-12).

In the previous section, we talked about the shortcomings of the syslog method of logging. The syslog-ng method goes further with the logging process by allowing you to specify regular expressions based on what the message contains for logging and by logging to specific files based on what the message contains. For example, the Linux firewall command iptables enables you to specify a logging prefix. If you were to use syslog-ng, you could specify that if the message that was intercepted by...
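The syslog-ng configuration the paragraph describes, as an added example that is not the book's listing. It assumes the iptables LOG rule was given --log-prefix "FW-DROP-IN: " (any distinctive prefix will do; the filter matches on it rather than on the word kernel, which appears in many unrelated lines). The firewall lines go to their own file with tight permissions and, because of flags(final), nowhere else.

```conf
# /etc/syslog-ng/syslog-ng.conf fragment (added example; assumes the
# firewall LOG rule uses --log-prefix "FW-DROP-IN: ")
source src {
    internal();
    unix-dgram("/dev/log");
    file("/proc/kmsg");        # kernel ring buffer, where LOG target output appears
};

# Match on the prefix the firewall rule set, not on "kernel" or "iptables"
filter f_fwdrop     { match("FW-DROP-IN: "); };
filter f_not_fwdrop { not match("FW-DROP-"); };

destination d_fwdrop {
    # Port-scan and drop records are useful to an attacker too; keep them
    # readable by root only
    file("/var/log/firewall" owner(root) group(root) perm(0640));
};
destination d_messages { file("/var/log/messages"); };

# Firewall drops go to their own file and stop there (flags(final)) ...
log { source(src); filter(f_fwdrop); destination(d_fwdrop); flags(final); };
# ... everything else keeps flowing to /var/log/messages
log { source(src); filter(f_not_fwdrop); destination(d_messages); };
```

On SUSE 9 the active file is generated from /etc/syslog-ng/syslog-ng.conf.in by SuSEconfig, so the edit belongs in the .in file, followed by SuSEconfig --module syslog-ng and rcsyslog restart. Confirm the split with a deliberately blocked connection and tail -f /var/log/firewall.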

If you decide not to use either KDE or GNOME, a variety of X Window system window managers are available. Essentially, your choice is about balancing beauty against simplicity. If resources are limited, one of the fairly minimal window managers may suit you. Also, if you are in the habit of starting everything from the command line, then complex menus and icons may not be so useful to you. At the very minimal end of the spectrum, TWM and MWM provide an environment where you can start an xterm...

Like most administrative tasks on a SUSE Linux system, configuring and starting a Samba server is most easily done through YaST. You can start YaST in the same way as discussed earlier in the chapter in the section Configuring a Samba client. To configure and start a Samba server, follow these steps 1. Click the Network Services icon in the left pane of the YaST Control Center and scroll down the right pane until you see the Samba Server icon, as shown in Figure 18-12. Figure 18-12 Samba Server...

Like most administrative tasks on a SUSE Linux system, configuring and starting a Samba client is most easily done through YaST. If you are running the X Window system KDE desktop (SUSE's default graphical environment), you can start it by selecting YaST from the Control Center menu, which is available by clicking the SUSE icon at the bottom-left corner of your KDE desktop. If you start YaST as the root user, the YaST dialog displays immediately, as shown in Figure 18-1. Note: If you start YaST...

We have talked about fixing system problems by changing the boot runlevel of the system temporarily, but what if you encounter a dire problem such as forgetting the root password? This requires another approach because you will need the root password at some point. SUSE realizes the need to be able to repair a Linux system, which generally requires Linux tools and access to the ailing Linux system using those tools, and so has included a Rescue System on the first CD or DVD in your SUSE...

The grep (global regular expression print) command is a very useful tool for finding stuff in files. It can do much more than even the examples that follow this paragraph indicate. Beyond simply searching for text, it can search for regular expressions. It's a regular expression parser, and regular expressions are a subject for a book in themselves (but were introduced in the section Advanced shell features earlier in this chapter). When using or administering a system, you often need to look...

A firewall, whether Linux-based or not, should always be used to protect machines connected to the Internet. A firewall, by its very nature, is designed to control what can be accomplished over the network, and it is very unlikely you want your 200 Windows machines to be connected to the Internet in full view of any malicious person that comes along (and bare Windows machines on the Internet are like drops of blood in a 10-mile radius of a pack of sharks ). Most people think that a firewall is...

One of the biggest things that annoyed Linux users in the past was the configuration of printers. In the Windows world, the addition of a printer was painless, but in Linux it seemed the process was always marred by problems with drivers and configuration options. The Common Unix Printing System (CUPS) print drivers have helped to provide a unified printer architecture for Unix in general, and with distributions such as SUSE providing configuration front ends, the problems have become less...

Mounting a filesystem is what you need to do to make the files it contains available, and the mount command is what you use to do that. In Linux, everything that can be seen is part of one big tree of files and directories. Those that are on physically different partitions, disks, or remote machines are grafted on to the system at a particular place a mount point, which is usually an empty directory. To find out what is currently mounted, simply type the command mount on its own. Note SUSE now...

To create an alias of a host so that a lookup returns the same IP address, you use a CNAME record. It is an alias for a host name, and we have found it most commonly used to define the address www.hostname.tld when the web server is on the same host as the DNS server. When you have it composed, the zone file can be saved as a standard text file. You then need to add the zone to the named.conf file so that BIND can load and serve the zone to the network.

The exportfs command can be used to handle the exporting of directories directly from the command line. To export all directories listed in /etc/exports, use exportfs -a. If /etc/exports has changed, exportfs -r rereads /etc/exports and changes the state of the directories being exported accordingly. This is like doing rcnfsserver reload. You can export a directory that is not mentioned in /etc/exports by doing something like this:
root@bible:~# exportfs -iv -o rw,sync client:/tmp
The -iv option tells...

SUSE runs a number of public mailing lists. You can subscribe to them at www.suse.com/en/. The lists are archived at http://lists.suse.com. The general-purpose SUSE list in English is the suse-linux-e list. This mailing list is a general technical discussion list with a high volume of messages. The quality of responses is high, and it is well worth joining provided you are prepared for the large number of mails you will receive. Other interesting and lively SUSE lists include suse-oracle and...

Before you touch upon setting more specific rules, you need to set the default policy for the firewall and enable some state rules (see Listing 23-2).
Listing 23-2: Setting Initial Firewall Rules
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Here, you have set the default policy for all chains to DROP the packets. At this moment in time, all...
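The default policies, the state rules of Listing 23-2 and the final LOG rule from the logging discussion earlier in the firewall section, put together into one loadable script. This is an added example, not the book's listing: the admin network 192.168.0.0/24 and the single permitted service (SSH) are assumptions, and the IPT variable exists so the rule set can be printed rather than loaded (IPT=echo). The LOG rules are rate-limited, because an unthrottled LOG rule lets anyone fill your disk with a port scan.

```sh
#!/bin/sh
# Minimal stateful iptables policy: default DROP, the Listing 23-2 state
# rules, loopback, SSH from an admin network, and a rate-limited LOG rule
# sitting just before the default policy catches the packet.
# Added example, not from the book. Assumptions: 192.168.0.0/24 is the
# admin network; SSH is the only service this host offers.
# Run as:  sh firewall.sh apply       (as root)
# Preview: IPT=echo sh -c '. ./firewall.sh; fw_load'
IPT="${IPT:-iptables}"
ADMIN_NET="${ADMIN_NET:-192.168.0.0/24}"

fw_load() {
    # Clean slate, then drop everything that no later rule accepts
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Local daemons talk to each other over loopback
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Listing 23-2: replies to connections we already know about
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # The one explicitly sanctioned inbound service
    $IPT -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -m state --state NEW -j ACCEPT

    # Last rule: log what is about to hit the DROP policy. The prefix lets
    # syslog-ng route these lines to their own file; the limit stops a
    # flood of unwanted packets from becoming a disk-filling attack.
    $IPT -A INPUT -m limit --limit 5/minute --limit-burst 20 \
        -j LOG --log-prefix "FW-DROP-IN: " --log-level 4
    $IPT -A FORWARD -m limit --limit 5/minute --limit-burst 20 \
        -j LOG --log-prefix "FW-DROP-FWD: " --log-level 4
}

# fw_count: number of -A rules fw_load would install (sanity check)
fw_count() {
    (IPT=echo; fw_load) | grep -c -- '^-A '
}

# Only touch the kernel when explicitly asked, so sourcing the file is safe
if [ "${1:-}" = "apply" ]; then
    fw_load
fi
```

After loading, iptables -L -n -v shows the counters; the LOG rules must be the last entries in INPUT and FORWARD, and a connection attempt to a closed port from outside the admin network should produce one FW-DROP-IN: line in the kernel log and then silence once the limit is reached.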

We discussed runlevels earlier in this chapter, and if you have a corrupt system, or a runaway process that is loaded in the init process, one way to fix this is to force the system into a specific runlevel to stop that process from running. This is achieved by passing the runlevel number to the boot loader at boot time. Both LILO and GRUB are capable of passing parameters to the kernel before it is loaded, which is a feature that every Linux user should know how to use. The kernel is able to...

On a SUSE system, the operation of the NFS client is treated as a service and has its own startup scripts in /etc/init.d and the related command rcnfs. The commands rcnfs start and rcnfs stop (run as root) start and stop the NFS client service and mount and unmount (if possible) any NFS shares that are included in /etc/fstab. The unmounting fails if the mount point is in use. If the service nfs is not set to start in runlevels 3 and 5, the Network File Systems specified in /etc/fstab will not be...

Every machine that is directly connected to the Internet must have a public IP address, commonly known as a routable address. A routable address is one that a connection can be made to from anywhere on the TCP/IP network, in this case the Internet. For example, any web site you visit that is on the Internet has a routable address. If it were non-routable, packets would not be able to be routed to it. Each IP address class has its own non-routable (private) range, which can be used in a private IP...

In this section, we look at the slightly more difficult challenges of extracting exactly the lines or parts of lines that you want from a text file, based on certain criteria. grep The grep command is the global regular expression printer. What that means is that it cannot just search for a particular string in a file and output the lines where that string occurs, but can search for text that follows a particular pattern and output the matching lines. For example, the pattern could be a single...
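The kind of search the two grep passages (the introduction to grep earlier in the chapter and this one) have in mind when administering a system: pulling security-relevant lines out of a log with regular expressions. This is an added example, not the book's; the log lines are constructed for it and the host name, addresses and account names in them are made up.

```sh
#!/bin/sh
# Added example (not from the book): grep with extended regular expressions
# over an sshd/kernel log. make_sample_log writes a constructed sample so
# the functions can be run offline; every address and name in it is invented.

make_sample_log() {
    # $1: path to write the sample to
    cat > "$1" <<'EOF'
Jan  5 10:01:12 bible sshd[2231]: Accepted password for user from 192.168.0.7 port 51122 ssh2
Jan  5 10:02:43 bible sshd[2240]: Failed password for root from 10.1.1.9 port 4022 ssh2
Jan  5 10:02:47 bible sshd[2240]: Failed password for root from 10.1.1.9 port 4022 ssh2
Jan  5 10:02:51 bible sshd[2240]: Failed password for illegal user admin from 10.1.1.9 port 4023 ssh2
Jan  5 10:05:00 bible kernel: FW-DROP-IN: IN=eth0 OUT= SRC=10.1.1.9 DST=192.168.0.1 PROTO=TCP DPT=23
Jan  5 10:07:19 bible sshd[2301]: Failed password for user from 172.16.5.4 port 3310 ssh2
Jan  5 10:07:30 bible su: (to root) user on /dev/pts/1
EOF
}

# failed_logins: every sshd "Failed password" line. -E enables extended
# regexps; the \[[0-9]+\] anchors the match on the sshd[pid] tag so a
# user-supplied string containing "Failed password" elsewhere in a line
# (for example in a URL logged by another daemon) is not counted.
failed_logins() {
    grep -E 'sshd\[[0-9]+\]: Failed password for' "$1"
}

# failed_per_source: how many failures came from each source address,
# busiest first. -o prints only the matched text, so the pipeline works
# on the address alone.
failed_per_source() {
    failed_logins "$1" \
        | grep -Eo 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | cut -d' ' -f2 | sort | uniq -c | sort -rn
}

# root_or_invalid: attempts against root or against accounts that do not
# exist, which is what a password-guessing run looks like. -c counts.
root_or_invalid() {
    grep -Ec 'Failed password for (root|illegal user)' "$1"
}
```

Run failed_per_source against /var/log/messages and the top line is usually the address to add to your firewall's drop rules; grep -v -E 'sshd|kernel' is then the quickest way to see what is left in the file once the noise is removed.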

Squid is the most popular open source caching web proxy server. This means that it fetches and holds local copies of pages and images from the web. Client machines requesting these objects obtain them from the Squid proxy server rather than directly. There are several good reasons (and possibly also some bad ones) why people use Squid and other caching web proxies. A web cache on the local network means that objects (web pages, images, and so on) that have already been requested do not need to...

The diff tool compares two files and produces output that describes precisely the difference between the files, containing all the information needed to restore one from the other. In the simplest case, if the two files are identical, the command diff file1 file2 produces no output. The diff command can report the differences between the files in more than one format; here you use diff without options:
user@bible:~> cat file1
red elephant, red wine blue mango red albatross
user@bible:~> cat...

Choosing the type of filesystem that you want to use on your system can be tricky. Throughout the earlier sections of this chapter, we have explored the capabilities of various Linux filesystems and suggested the types of tasks that each is best suited to. However, nothing shows the performance of a filesystem better than benchmarks that you can run against each, and then simply compare the results. Various books and articles on Linux filesystems provide just this sort of comparison. Justin...

If your company uses a proxy, or you use a proxy at home, you can set a global system proxy that a large proportion of network utilities will try to honor. You can set up either an anonymous proxy or one with user credentials. The proxy configuration itself is not intelligent because all it does is inform your applications that the proxy should be a certain host with a username and password (if specified). It does not impact how the application communicates with the server. To set up your proxy...

The configuration options we just discussed represent only a small amount of what can be done with Postfix. We now talk about how this all works together and what it provides to you as a mail server administrator. Note: Any parameter whose name starts with smtpd_ controls some part of an incoming SMTP connection (Postfix acting as the server). Similarly, any parameter starting with smtp_ refers to outgoing connections (Postfix acting as a client to other SMTP servers). Configuring and securing your relay policy: Postfix's relaying policy (allowing...
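The main.cf settings that decide the relay policy, as an added example and not the book's own listing. The domain example.com, the host name mail.example.com and the LAN 192.168.0.0/24 are assumptions. Everything that decides whether a RCPT TO is accepted lives in smtpd_recipient_restrictions, read top to bottom; the order matters, because the first permit or reject that matches wins.

```conf
# /etc/postfix/main.cf fragment (added example; domain, host name and
# network are assumptions)
myhostname      = mail.example.com
mydomain        = example.com
myorigin        = $mydomain
inet_interfaces = all

# Domains we accept mail FOR and deliver locally
mydestination   = $myhostname, localhost.$mydomain, localhost, $mydomain

# Clients we relay mail FROM. List the networks explicitly; do not use
# mynetworks_style = subnet on a host with an Internet-facing interface,
# and never put 0.0.0.0/0 here.
mynetworks      = 127.0.0.0/8, 192.168.0.0/24

# Only matters if SASL is actually set up; harmless otherwise
smtpd_sasl_auth_enable = yes

# smtpd_* = incoming connections. Our own networks and authenticated
# users may relay anywhere; everyone else may only send to domains in
# mydestination. reject_unauth_destination is the line that stops the
# server being an open relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_invalid_hostname

# What NOT to do: with "permit" first, or without reject_unauth_destination,
# anyone on the Internet can relay through you.
#smtpd_recipient_restrictions = permit
```

Check the effective values with postconf -n, then test from a host that is not in mynetworks: a telnet session to port 25 issuing MAIL FROM:<a@somewhere.net> and RCPT TO:<b@elsewhere.org> must be answered with 554 Relay access denied. If it is accepted, the server is an open relay and will be on a blacklist within days.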

In most cases, you will create ReiserFS partitions when you first install your system. However, if you subsequently add a new disk drive to your system, you will need to partition it and create filesystems on those partitions. The ReiserFS filesystem is an excellent choice for most Linux filesystems, especially user filesystems and mail or web server partitions where you will be creating and deleting large numbers of small files. As discussed earlier, the design of the ReiserFS makes it a fast...

The variety of modules that Webmin includes can be seen from the Networking tab and Servers tab (see Figure 14-10). These include items that have only recently become part of YaST (such as IPsec configuration and HTTP configuration) and others that are still not included in YaST (such as Point-to-Point Tunneling Protocol (PPTP) server and client, CVS server, MySQL server, and others). At the time of this writing, at least one of the new YaST modules is buggy, and Webmin may be a useful...

To administer SLOX, you need to log into the SLOX interface using a web browser. The administrative user who has full control over SLOX is called cyrus. The cyrus user can control users, services, mail spools, and the monitoring of the SLOX system using the administrative interface. To log into your SLOX installation, open a web browser and enter the IP address of the SLOX server. Note: If you are a clever administrator, you would have entered the IP address of your SLOX installation into your DNS...

We will now go back to the beginning of the boot process and talk about boot managers. As you saw earlier in the chapter, the boot manager helps the system load other operating systems. You should see it as a stepping stone from the BIOS to the operating system itself. Two boot loaders are commonly used in Linux: the traditional LILO boot loader and the newer GRUB boot loader. The Linux Loader (LILO) was one of the first boot loaders available for Linux. It is a relatively simple loader that was designed...

Link encap: Linux supports not only Ethernet but other networking devices. This signifies what data link format is used; in this case we are using an Ethernet device.
HWaddr: The hardware address (commonly referred to as the MAC address) of the interface.
inet addr: The IP address of the interface.
inet6 addr: The IPv6 address of the interface.
Scope: The scope of the IPv6 address.
UP: Flag to signify this interface is up, or active.
BROADCAST: This interface will accept broadcast traffic (Ethernet, not IP)....

The discussions of mounting filesystems in the previous sections wouldn't be complete without a parallel discussion of unmounting those filesystems. Unmounting a filesystem removes the association between that filesystem and the directory in which it was mounted. In the case of removable media such as a CD, you will not be able to remove the CD from your drive unless it is first unmounted. Unmounting a filesystem is done using the umount command (note the missing n). You must be the root user...

Linux stores most user preferences in so-called dot files in the user's home directory. If a filename starts with a dot, it will not be displayed by the ls command unless you use the -a option and is therefore regarded as a hidden file. Both dot files and dot directories are used to hold preferences for most of the programs you use. Many programs will write a new dot file in your home directory when you run them for the first time. Many of these dot files have names that include the letters rc...

Having these logging technologies is great for accessing the information at your fingertips, but a time will come when you do not need the logs in their original form and would like to archive them off. This can be handled manually, but if you have a large number of logs, automation is the way to go. Logs, left to their own devices, especially those on a large active system, can run riot with your disk space. The logrotate application can automate the management of log files by copying and...
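A logrotate stanza for a dedicated log file, as an added example that is not from the book. It assumes firewall drop records are being written to /var/log/firewall by syslog-ng (as in the syslog-ng discussion); adjust the path for any other log. The two details that matter for security are the create line, which keeps the new file root-readable only, and the postrotate script, without which the daemon keeps writing into the renamed file.

```conf
# /etc/logrotate.d/firewall (added example; assumes syslog-ng writes
# firewall drops to /var/log/firewall)
/var/log/firewall {
    weekly
    rotate 8              # keep two months of history
    missingok
    notifempty
    compress
    delaycompress         # leave the newest rotated copy uncompressed for grep
    # The fresh file gets tight permissions; rotated copies inherit them.
    # Without this, a quiet week would leave scan records world-readable.
    create 0640 root root
    sharedscripts
    postrotate
        # Make syslog-ng reopen its output files; otherwise it keeps
        # writing to the rotated, renamed file and the new one stays empty
        /etc/init.d/syslog reload >/dev/null 2>&1 || true
    endscript
}
```

logrotate -d /etc/logrotate.d/firewall does a dry run and shows what would happen; logrotate -f forces a rotation so you can confirm that the new file is created with mode 0640 and that lines keep arriving in it afterwards.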

@ IN SOA ns.intpalmcoder.net. admin.intpalmcoder.net.
In the reverse zone definition, you can see the first entry in the file has been replaced with the @ symbol. The @ symbol is very important and is interpreted as the zone this file relates to (its origin). In the case of a reverse map, the zone is 0.168.192.in-addr.arpa. The in-addr.arpa domain is a special domain that signifies this is an IP address lookup. The zone itself is a reverse of the IP address we are looking for. In much the same way that the...
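The reverse zone as a complete file, together with the named.conf stanza that loads it (the same step the CNAME discussion earlier ends with for the forward zone). This is an added example, not the book's listing: it reuses the page's ns.intpalmcoder.net and admin.intpalmcoder.net names and the 0.168.192.in-addr.arpa zone, while the file name, the host bible at 192.168.0.2 and the secondary at 192.168.0.2 are assumptions.

```conf
// /etc/named.conf fragment (added example; file name and secondary
// address are assumptions). On SUSE the file path is relative to the
// "directory" option, and named runs chrooted under /var/lib/named.
zone "0.168.192.in-addr.arpa" in {
    type master;
    file "master/192.168.0.zone";
    allow-transfer { 192.168.0.2; };   // only the secondary may copy the zone
    allow-update { none; };            // no dynamic updates to a hand-edited zone
};

; master/192.168.0.zone: the reverse zone itself. "@" stands for the
; origin, 0.168.192.in-addr.arpa, so the "1" below is the name
; 1.0.168.192.in-addr.arpa, i.e. the address 192.168.0.1.
$TTL 86400
@       IN  SOA ns.intpalmcoder.net. admin.intpalmcoder.net. (
                2005010501  ; serial, YYYYMMDDnn: bump it on every change
                10800       ; refresh
                3600        ; retry
                604800      ; expire
                86400 )     ; negative-cache TTL
        IN  NS  ns.intpalmcoder.net.
1       IN  PTR ns.intpalmcoder.net.
2       IN  PTR bible.intpalmcoder.net.
```

Before reloading, named-checkzone 0.168.192.in-addr.arpa master/192.168.0.zone catches the missing trailing dot that turns ns.intpalmcoder.net into ns.intpalmcoder.net.0.168.192.in-addr.arpa; afterwards dig -x 192.168.0.2 @localhost should return the PTR, and a dig axfr from any host other than the listed secondary should be refused.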

SUSE includes its own sysconfig-based firewall script called SuSEfirewall2. The SuSEfirewall script has come a long way since its conception many years ago and provides a robust feature set that can be configured through YaST. For new users who need to set up a quick firewall, this is the perfect option. We would have suggested in years gone by that you should write your own firewall script, but if you do not feel the need to be able to control your rules explicitly, SuSEfirewall produces a...

Once your applications are logging to specific files, and the logs are being rotated, you can then manage and view your system statistics daily. If you would like to automate analysis of your log files for major occurrences, logcheck is here for you. logcheck scans through your log files and searches for telltale security and error messages and emails you its findings at predefined times through cron. The logcheck process uses a bookmark feature to send you only its findings since the last...

As an example, the following mount command mounts the partition /dev/hda5 on the directory /mnt as an EXT2 filesystem using the alternate superblock at block address 8193:
mount -t ext2 -o sb=8193 /dev/hda5 /mnt
Although the EXT2 and EXT3 filesystems share the same general organization, the EXT3 filesystem supports various attributes that are specific to its support for journaling. These attributes are stored in the superblock of an EXT3 filesystem. The most interesting of these attributes are those...

Postfix configuration is held in the file /etc/postfix/main.cf. This file contains all configuration entries for general Postfix configuration as well as the locations of secondary configuration files for specific Postfix subsystems. To familiarize you with the Postfix configuration, we will run through the default Postfix main.cf file, highlighting the important configuration options. The default main.cf file is heavily commented to give you a means to understand what the option means. In...

The installation media contain a set of floppy disk images for starting an installation if for some reason you cannot boot from CD. There is also a rescue floppy image. These are in the directory boot on the DVD or CD1. YaST contains a module for creating floppy disks from these images. It can also write out an arbitrary floppy image to disk. Clearly, this is not useful for a new installation if you do not already have another SUSE system set up, but it may be useful to have a full set of boot,...

Justin Davies, Roger Whittaker, and William von Hagen 10475 Crosspoint Boulevard Indianapolis, IN 46256 Copyright 2005 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN 0-7645-7739-5 Manufactured in the United States of America No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107...

Network Time Protocol NTP synchronizes your machine time with a centralized time server of your choosing. Time servers available on the Internet are usually a secondary source to a machine that acts as a central time server. Central or primary time servers are usually linked into an extremely accurate clock mechanism. To specify an NTP time source, select the Network Service icon in the left pane after starting YaST and then select the NTP Client option from the right pane. Selecting the NTP...

The SUSE Linux kernel features built-in connectivity with networked Windows resources by supporting the Windows Server Message Block (SMB) protocol that underlies most native Windows networking mechanisms. The SMB protocol is now considered a part of Microsoft's more general Common Internet File System (CIFS), but its name lives on in the Samba software suite. Acronyms reign supreme in the network world, most of which are related to the history of various standards and protocols. This is...

Here we assume that you want users with accounts on the system to be able to access their home directories by FTP. Again, please be aware that this could constitute a security risk if the system is available to the Internet, and you should think carefully about whether you want to do it. One common reason why you might want to do this is to set up a system to receive incoming files you can set up artificial users to own each home directory for each type of incoming file. You can then give the...
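A server configuration for the user-FTP setup this paragraph describes, as an added example that is not from the book. The page does not name the FTP daemon; vsftpd is assumed here, as is the account name incoming. The settings that limit the damage are chroot_local_user (a user who logs in sees only their own home directory), the allow-list in userlist_file (ordinary staff accounts cannot be reached over clear-text FTP at all), and local_umask (nothing uploaded becomes executable or world-readable).

```conf
# /etc/vsftpd.conf (added example; the daemon and the "incoming" account
# are assumptions, since the page names neither)
listen=YES                   # standalone daemon rather than via xinetd
anonymous_enable=NO          # user FTP only; anonymous is a separate decision
local_enable=YES             # let system accounts log in ...
write_enable=YES             # ... and upload
# Confine each user to their own home directory
chroot_local_user=YES
# Only accounts listed in userlist_file may log in (userlist_deny=NO turns
# the file from a deny list into an allow list). Put the artificial
# incoming-file accounts there and nobody else, one name per line:
#   incoming
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
# Uploaded files: not executable, not readable by other local users
local_umask=077
# Fixed passive port range so the firewall can allow exactly these
pasv_min_port=30000
pasv_max_port=30100
# Record every transfer
xferlog_enable=YES
xferlog_std_format=YES
```

After restarting the daemon, log in as one of the listed accounts and run pwd and cd ..: the session should report / and stay in the home directory. A login as any account not in the list must be refused before the password is even sent, which is the point of the allow-list given that FTP carries the password in clear text.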

You are able to install SUSE from a network, CD, or DVD. Installing SUSE using an FTP server and other network-related sources is discussed briefly in Chapter 1. When the system is installed, you can also configure other installation sources for the SUSE packages. This is a common scenario when you have a few SUSE servers that all run from the same installation media. To specify alternate installation sources, select the Software icon after starting YaST, and click the Change Source of...

An FTP server is most commonly used as a server for anonymous downloads. We look at this setup first. An anonymous FTP server is a server that allows anyone to log in with the username ftp or anonymous and download files. If you use a browser to access an anonymous FTP site, the browser passes the login information to the site without the user having to think about it. User FTP, which we consider later, refers to an FTP server on which specified users have accounts that they can access with...